ProxySG & Advanced Secure Gateway

 View Only

 Are there any resource consumption figures of SAML VS Kerberos authentication

Jump to Best Answer
Wasfi Bounni's profile image
Broadcom Knight Wasfi Bounni posted May 01, 2024 07:43 PM


Since SAML uses cookie surrogate type and Kerberos uses the details of each TCP connection "Proxy" surrogate type, I would think that SAML exerts less pressure on the Proxy SG, as the Proxy SG only needs to supply one cookie for the entire session, no matter the number of TCP connections opened by the browser.

Of course we are talking about an explicit setup.

If that is the case, are there any figures comparing the resource consumption of the Proxy with SAML VS with Kerberos?



christy hernandez's profile image
christy hernandez Best Answer


You're right, SAML generally uses fewer resources on the ProxySG compared to Kerberos due to the way they handle authentication. SAML uses a cookie to store authentication information. This cookie is sent with each request, but the ProxySG only needs to process it once per session. Reduced resource consumption on the ProxySG as it doesn't need to handle individual TCP connection details for authentication.

Kerberos relies on details within each TCP connection for authentication. Requires the ProxySG to process authentication information for every TCP connection. This can consume more resources, especially for users who open many connections.

Best Regards,